Version 11.08.00 Release Notes

Summary: A high-level overview of the changes/updates included in RiskSense Version 11.08.00, released on December 17, 2021

The RiskSense platform version 11.08.00 update includes the following features and enhancements:

For assistance with using our new features, receiving feature documentation, and/or scheduling training, please contact your Customer Success account manager directly or send a message to [email protected].

Integrations

Atlassian Jira Configuration Updates

A new configuration checkbox called “Configure Priority Sync” has been added under “RiskSense Defaults”. Once it is selected, the user can choose a score metric, either VRR or Severity, and map it to the list of priority values from Jira. Once this configuration is made, RiskSense maps scores from either VRR or Severity (based on the user's selection) to the Jira ticket’s priority.

  • If there is one finding per ticket, the priority is set based on the finding’s VRR/Severity.

  • If there is more than one finding, the highest score is chosen and mapped to the Jira ticket as its priority.

List View Enhancements

New OWASP Filters on the Vulnerabilities Page

New OWASP filters have been added to the Vulnerabilities page.

  • “Has OWASP Top 10” filters vulnerabilities by whether they are associated with a weakness mapped to an OWASP category.

  • “OWASP Top 10 Year” filters vulnerabilities by whether they are on the OWASP Top 10 list for the year(s) selected.

  • “OWASP Top 10” filters vulnerabilities based on their association with the current 2021 OWASP Top 10 list.

CWE Top 25 KPI Card Update

The CWE Top 25 KPI card on the Weaknesses page now uses the 2021 CWE Top 25 list, and there is a new quick filter for the 2021 list.

Dashboards

Update to Application Security Dashboard

The “Open Application Findings with Top Software Weaknesses” and “CWE Top 25 Most Dangerous Software Weaknesses” widgets were updated to use the 2021 CWE Top 25 list.

Reporting

Update to OWASP to CWE Executive Vulnerability Report Infographic

The OWASP to CWE infographic on the Executive Vulnerability Report has been updated with the 2021 OWASP Top 10 categories and the 2021 CWE Top 25 list.

Miscellaneous Changes

System Filters Updates

New system filters were added to the Hosts, Applications, Host Findings, Application Findings, and Vulnerabilities pages:

  • “DHS-CISA Top Exploited 2021” system filter was updated on December 1st, 2021, with the newest vulnerabilities.

  • “Microsoft LPE 11-29-2021” system filter covers the Local Privilege Escalation (LPE) zero-day hack on Windows.

  • “Apache Log4j 2021” system filter captures the zero-day exploit (CVE-2021-44228) in Java Log4j and the DoS vulnerability (CVE-2021-45046).

  • Patch Tuesday filters have been added from June 2021 to December 2021.

Q4 2021 EOL Widgets Removed

Widgets with the “Q4 2021 EOL” tag have been removed from all dashboards, including custom dashboards. Users will see a blank widget with the message “This widget is no longer available.” You can edit a custom dashboard to remove a blank widget. Additionally, the “Q4 2021 EOL” tag no longer appears in the widget gallery.

Workflow Authorization Type Alphabetized

The drop-down menu for “Scope Override Authorization” has been alphabetized.

Fixed Issues

  • The email download link now successfully downloads the export when the user navigates to the link.

  • Users should now see all applications from the Fortify SCA/Fortify WebInspect connector represented in the RiskSense platform.

  • RDNS data is now visible under the Asset Details section for Tenable scanners.

  • The Finding History label of “Unknown Operation” that appeared when a workflow expires and re-opens a finding has been fixed.

  • Playbook assign and un-assign rules now exclude disabled users.

  • Deprecated jobs are now removed from the Type drop-down filter on the Jobs page.

  • The Top 50 High-Impact Findings widget now applies two sorts to the results, prioritizing results first based on the user's selected configuration.

  • In the RiskSense Security Score (RS³) widget, the user can view the score ranges around the main dial by hovering their mouse pointer over it.

  • If an assessment is in multiple groups, it is now displayed correctly in the detail pane for all the mapped groups.

Known Issues

  • The Vuln KB default page size is set to 15 items until a resolution for the slowness is found.

  • The first time that you click the “Open Findings” column in the Top 50 High-Impact Unique Findings widget, the Finding Footprint column will not load if you have that column enabled.